How Cyber Attacks Happen

How cyber-attacks happen

The majority of cyber-attacks aimed at Northern Ireland citizens and businesses are of a low sophistication. These are only possible because a device or system security vulnerability has been able to be exploited. In most cases, the adversary never comes face-to-face with the victim.

Most cyber-attacks rely on a vulnerability to be exploited this can be a technology exploit or a person exploit through clever social engineering and manipulation.

  • Vulnerability
    Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.
     
  • Social engineering
    Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

We can draw similarities to the real world, the easier it is to gain access to a property the more likely you are to be the victim of a burglary. If doors and windows are left unlocked, burglars are able to exploit this vulnerability in your property security to gain access with malicious intent.

It is estimated that 99.9% of the time cyber-attacks are only possible because of poor cyber hygiene or a lack of security awareness. In effect, we are leaving our virtual doors and windows open for attack by cybercriminals. Would you leave your doors and windows unlocked?

  • Cyber hygiene
    Cyber hygiene is often compared to personal hygiene. Much like an individual engages in certain personal hygiene practices to maintain good health and well-being, cyber hygiene practices can keep devices, systems and data safe and secure.

Common vulnerabilities that cyber attackers use to gain access

  • Exposure of identity and login credentials
    1. Usernames and passwords accessed through accidental disclosure or as a result of social engineering. 
    2. Credentials available on the dark web as a result of a data breach.
      It is strongly recommended that you check if your domain or email has been compromised through have i been pwned?.
    3. Brute force attack.
      Poor or weak passwords and lack of password policy protection allow passwords to be guessed electronically.
  • Security vulnerabilities exposed due to software and systems not being patched.
    1. Find out how to update the operating system of your devices, laptops, mobiles, TV's, smart devices and more...
    2. Ensure you know what applications are installed on your devices and that these remain up to date
    3. Ensure that any security updates are installed immediately on release
  • Lack of AntiVirus or Malware software installed on devices
    1. Ensure that your devices have antivirus or malware software configured on the devices and remain up to date
    2. Ensure that this is switched on and active.
  • Loss of data and/or mobile devices.
    1. Mobile devices are easily lost, stolen or broken ensure that you have a means to backup and retrieve the important data on your devices.
    2. Switch on services to locate your devices.
  • Loss of sensitive data by 3rd parties
    1. Many times you can be careful with your data and information only to find that 3rd party trusted service providers have had a data breach. This compromise also compromises you and you need to take action if this happens.
  • The information posted on social media and business information pages
    1. What you or others post about you in various places on social media can be collected and collated to build a very good composite picture of a person. This information can be used to be part of an attack on you or your family, friends or business partners by an attacker pretending to be you.